Description
Discussed in #4233
Originally posted by timbray October 31, 2024
C2PA's official home is at https://contentauthenticity.org, the open-source software is at https://github.com/contentauth/c2patool, more depth at https://contentcredentials.org, slightly more human-readable explanatory blogs (from me) at https://www.tbray.org/ongoing/When/202x/2023/10/28/C2PA-Workflows and https://www.tbray.org/ongoing/When/202x/2024/10/29/Lane-Provenance
Tl;dr: PKI-based provable provenance for media files. Extra goodies: Details about what devices and software were involved in creating/manipulating the image.
Disclosure: No relationship with any of the C2PA organizations, just a photographer who cares about provenance and disinformation.
In a world with a lot of C2PA, what libvips should do is straightforward: Write a C2PA manifest into the EXIF saying the image was updated with libvips and some info about what was done. For extra credit, insert some identity information, e.g. a social media account, there are plenty of easy-to-access identity providers people might want to use. If there was already a C2PA manifest there do the right signature-chain things.